device_cgroup: prepare code for bpf-based device controller

This is non-functional change to prepare the device cgroup code
for adding eBPF-based controller for cgroups v2.

The patch performs the following changes:
1) __devcgroup_inode_permission() and devcgroup_inode_mknod()
   are moving to the device-cgroup.h and converting into static inline.
2) __devcgroup_check_permission() is exported.
3) devcgroup_check_permission() wrapper is introduced to be used
   by both existing and new bpf-based implementations.

Signed-off-by: Roman Gushchin <guro@fb.com>
Acked-by: Tejun Heo <tj@kernel.org>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Roman Gushchin 2017-11-05 08:15:31 -05:00 коммит произвёл David S. Miller
Родитель 67e306fdbe
Коммит ecf8fecb78
2 изменённых файлов: 59 добавлений и 49 удалений

Просмотреть файл

@ -1,17 +1,70 @@
/* SPDX-License-Identifier: GPL-2.0 */
#include <linux/fs.h>
#define DEVCG_ACC_MKNOD 1
#define DEVCG_ACC_READ 2
#define DEVCG_ACC_WRITE 4
#define DEVCG_ACC_MASK (DEVCG_ACC_MKNOD | DEVCG_ACC_READ | DEVCG_ACC_WRITE)
#define DEVCG_DEV_BLOCK 1
#define DEVCG_DEV_CHAR 2
#define DEVCG_DEV_ALL 4 /* this represents all devices */
#ifdef CONFIG_CGROUP_DEVICE
extern int __devcgroup_inode_permission(struct inode *inode, int mask);
extern int devcgroup_inode_mknod(int mode, dev_t dev);
extern int __devcgroup_check_permission(short type, u32 major, u32 minor,
short access);
#else
static inline int __devcgroup_check_permission(short type, u32 major, u32 minor,
short access)
{ return 0; }
#endif
#ifdef CONFIG_CGROUP_DEVICE
static inline int devcgroup_check_permission(short type, u32 major, u32 minor,
short access)
{
return __devcgroup_check_permission(type, major, minor, access);
}
static inline int devcgroup_inode_permission(struct inode *inode, int mask)
{
short type, access = 0;
if (likely(!inode->i_rdev))
return 0;
if (!S_ISBLK(inode->i_mode) && !S_ISCHR(inode->i_mode))
if (S_ISBLK(inode->i_mode))
type = DEVCG_DEV_BLOCK;
else if (S_ISCHR(inode->i_mode))
type = DEVCG_DEV_CHAR;
else
return 0;
return __devcgroup_inode_permission(inode, mask);
if (mask & MAY_WRITE)
access |= DEVCG_ACC_WRITE;
if (mask & MAY_READ)
access |= DEVCG_ACC_READ;
return devcgroup_check_permission(type, imajor(inode), iminor(inode),
access);
}
static inline int devcgroup_inode_mknod(int mode, dev_t dev)
{
short type;
if (!S_ISBLK(mode) && !S_ISCHR(mode))
return 0;
if (S_ISBLK(mode))
type = DEVCG_DEV_BLOCK;
else
type = DEVCG_DEV_CHAR;
return devcgroup_check_permission(type, MAJOR(dev), MINOR(dev),
DEVCG_ACC_MKNOD);
}
#else
static inline int devcgroup_inode_permission(struct inode *inode, int mask)
{ return 0; }

Просмотреть файл

@ -15,15 +15,6 @@
#include <linux/rcupdate.h>
#include <linux/mutex.h>
#define DEVCG_ACC_MKNOD 1
#define DEVCG_ACC_READ 2
#define DEVCG_ACC_WRITE 4
#define DEVCG_ACC_MASK (DEVCG_ACC_MKNOD | DEVCG_ACC_READ | DEVCG_ACC_WRITE)
#define DEVCG_DEV_BLOCK 1
#define DEVCG_DEV_CHAR 2
#define DEVCG_DEV_ALL 4 /* this represents all devices */
static DEFINE_MUTEX(devcgroup_mutex);
enum devcg_behavior {
@ -810,7 +801,7 @@ struct cgroup_subsys devices_cgrp_subsys = {
*
* returns 0 on success, -EPERM case the operation is not permitted
*/
static int __devcgroup_check_permission(short type, u32 major, u32 minor,
int __devcgroup_check_permission(short type, u32 major, u32 minor,
short access)
{
struct dev_cgroup *dev_cgroup;
@ -833,37 +824,3 @@ static int __devcgroup_check_permission(short type, u32 major, u32 minor,
return 0;
}
int __devcgroup_inode_permission(struct inode *inode, int mask)
{
short type, access = 0;
if (S_ISBLK(inode->i_mode))
type = DEVCG_DEV_BLOCK;
if (S_ISCHR(inode->i_mode))
type = DEVCG_DEV_CHAR;
if (mask & MAY_WRITE)
access |= DEVCG_ACC_WRITE;
if (mask & MAY_READ)
access |= DEVCG_ACC_READ;
return __devcgroup_check_permission(type, imajor(inode), iminor(inode),
access);
}
int devcgroup_inode_mknod(int mode, dev_t dev)
{
short type;
if (!S_ISBLK(mode) && !S_ISCHR(mode))
return 0;
if (S_ISBLK(mode))
type = DEVCG_DEV_BLOCK;
else
type = DEVCG_DEV_CHAR;
return __devcgroup_check_permission(type, MAJOR(dev), MINOR(dev),
DEVCG_ACC_MKNOD);
}